Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana has released updates to fix a critical CVSS 10.0 SCIM vulnerability (CVE-2025-41115) in versions 12.x that could lead to user impersonation and privilege escalation if SCIM provisioning is enabled and configured with a numeric external ID. The company advises users to apply the patches promptly to mitigate these risks.